Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2509

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-2509
Last Modified 29 Jul 2011 12:00:00
Published 27 Jul 2011 04:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2509

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.

Vulnerable Systems

Application

  • Joomla%21 1.5.0

  • Joomla%21 1.5.1

  • Joomla%21 1.5.10

  • Joomla%21 1.5.11

  • Joomla%21 1.5.12

  • Joomla%21 1.5.13

  • Joomla%21 1.5.14

  • Joomla%21 1.5.15

  • Joomla%21 1.5.16

  • Joomla%21 1.5.17

  • Joomla%21 1.5.18

  • Joomla%21 1.5.19

  • Joomla%21 1.5.2

  • Joomla%21 1.5.20

  • Joomla%21 1.5.21

  • Joomla%21 1.5.22

  • Joomla%21 1.5.23

  • Joomla%21 1.5.3

  • Joomla%21 1.5.4

  • Joomla%21 1.5.5

  • Joomla%21 1.5.6

  • Joomla%21 1.5.7

  • Joomla%21 1.5.8

  • Joomla%21 1.5.9

  • Joomla%21 1.6

  • Joomla%21 1.6.0

  • Joomla%21 1.6.1

  • Joomla%21 1.6.3


References

MISC - http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.3]_cross_site_scripting(XSS)

MLIST - [oss-security] 20110629 Re: CVE Request: Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

MLIST - [oss-security] 20110628 CVE Request: Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

CONFIRM - http://developer.joomla.org/security/news/352-20110604-xss-vulnerability.html


Last Updated: 27 May 2016 10:57:02